Unsecured File Access Vulnerability in Sunnet's eHRD CTMS
CVE-2024-10439

7.5HIGH

Key Information:

Vendor: Sunnet
Status: Ehrd Ctms
Vendor: CVE Published:; 28 October 2024

What is CVE-2024-10439?

The eHRD CTMS, a product developed by Sunnet, is affected by an Insecure Direct Object Reference (IDOR) vulnerability. This flaw enables unauthenticated remote attackers to exploit the system by modifying specific parameters, granting them unauthorized access to arbitrary files uploaded by any user. Such vulnerabilities pose significant security risks, as they allow attackers to retrieve sensitive information stored within the application without proper authentication protocols in place. Organizations utilizing eHRD CTMS are advised to implement rigorous security measures to mitigate potential exploitation.

Affected Version(s)

eHRD CTMS 0 < 10.8

References

https://www.twcert.org.tw/tw/cp-132-8166-085c4-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8167-a2c0d-2.html

third-party-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2024
Vulnerability Reserved
Oct 28, 2024

CVE-2024-10439 Data

JSON